The State of Cybersecurity in Australia

Businesses around the world are in a state of high alert when it comes to cybersecurity, and Australia is no exception. In fact, according to a report from the Australian government, companies based there were subjected to at least one attack every seven minutes-an alarming statistic that highlights just how pervasive cyber threats have become.

Last year, ACSC, or the Australian Cyber Security Centre, received 76,000 cybercrime reports. It marked a 13% YoY increase. The report contains insights from various security agencies like the Australian Security Intelligence Organization, Defence Intelligence Organization, Department of Home Affairs, Criminal Intelligence Commission, and Australian Federal Police. All these agencies unanimously said the attacks targeted both Australian businesses and individuals. The most at-risk sectors included the commonwealth and state government systems and critical sectors like health, education, and training.

What's happening in Australia?

• The rise of online dependency

Much like the rest of the world, one of the primary reasons for the sharp increase in cyberattacks in Australia is the rise of digital dependency in the post-pandemic world. Amid the larger adoption of remote work culture, the incidents and the risk of data breaches have also increased.

• The lack of cybersecurity infrastructure

During the pandemic, most businesses shifted their businesses online. However, scaling security infrastructure could not keep pace with the speed of technological adoption. Small and medium businesses were the worst hit as they did not have the resources to bridge the technology-security gap. 

• Technological advancement

With each technological advancement, the attack surface increases. As a developed country with a streamlined digital presence, Australia exposed its legacy systems to cyber threats when it adopted newer technologies. Also, the latest technologies it adopted did not come with watertight security. This way, its existing and new systems became the prime targets for cybercriminals.

• State-sponsored cyberattacks

As geopolitical tensions continue to rise, Australia's involvement in international organizations leaves it vulnerable to attacks from state-sponsored hackers. These cybercriminals, including the Chinese Ministry of State Security and Russia-linked groups and those with ties to Iran, have been ruthlessly targeting Australian businesses for years through what is often referred to as 'bleeding them with a thousand cuts.'

• Shortage of skills

The global skills shortage in the cybersecurity domain is contributing to Australia's skyrocketing attack rate. Without enough skilled security professionals, it has become increasingly difficult for countries to protect against cyber threats.

• New bill to increase the penalty for data breaches

The Australian government has passed a bill to increase penalties for companies suffering from serious or repeated data breaches. the maximum fines have been bumped up from the current AU$2.22 million to AU$50 million, 30% of an entity's adjusted turnover in the relevant period, or three times the value of any benefit obtained through the misuse of information, whichever is greater.

How is Australia meeting these challenges?

In the wake of recent major breaches, the Australian government recently passed a bill to ensure that Australian companies follow strict security policies. The bill has exponentially increased the penalties for companies susceptible to data breaches. Among other punitive measures, the fines for the defaulters have risen to AU$ 50 million from AU$ 2.22 million. These fines intend to impose financial costs on companies that do not adhere to the best security practices. 

Apart from ensuring that organizations follow strict security protocols, the government is also investing to make the cybersecurity infrastructure in the country robust. The Australian government’s cybersecurity strategy plans to invest $1.67 billion in security in the next ten years. But more than financial investments, the strategy emphasizes best practices for the government, businesses, and individuals to ensure cybersecurity. The plan consists of the following protocols:

Government 

The strategy advises the government to: 

• Allocate more resources and increase security measures for government systems and information

• Assist organizations in putting together security measures

• Share cyber threat-related information with the public

• Constantly monitoring cybercrimes and the dark web

Businesses

To ensure that businesses have a secure cybersecurity infrastructure, this strategy sets forth the following measures:

• Ensure cybersecurity systems in the company are up to date

• Delivering digital products as services to customers with strict security and privacy measures

• Ensure the workforce is compliant and goes through regular cybersecurity training

• Perform risk analysis to monitor malware attacks and vulnerabilities and put proper checks in place

Besides government and businesses, the strategy also advises the public to be aware, report, and take precautions in case of an attack.

The way forward

With the rise in cyberattacks, the government is in overdrive to minimize the risks. While the government puts laws and measures in place, organizations need to take preventative measures and ensure strong security measures are in place.

Packetlabs is a Canadian SOC2-certified cybersecurity firm specializing in penetration testing services. We offer pentesting solutions worldwide and provide quick engagement starts. Book your pentest for 2023 today!